No valid IP addresses found for my domain

I'm facing issues in generating Letsencrypt SSL certificates for a domain mapped to a private address. (192.168.19.15)

My domain is: elk.internal.mindcurv.com and its a public domain (Verified from DNS Checker - DNS Check Propagation Tool)

jerald@jeraldsm:~$ nslookup elk.internal.mindcurv.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: elk.internal.mindcurv.com
Address: 192.168.19.15

I ran this command for generating SSL certificate:
./letsencrypt-auto certonly --standalone -d elk.internal.mindcurv.com

It produced the following output:

[root@elk-slreport letsencrypt]# ./letsencrypt-auto certonly --standalone -d elk.internal.mindcurv.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for elk.internal.mindcurv.com
Waiting for verification...
Challenge failed for domain elk.internal.mindcurv.com
http-01 challenge for elk.internal.mindcurv.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

I have also tried using the command "cerbot --apache". This one also failed with similar error:

[root@elk-slreport ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?


1: elk.internal.mindcurv.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for elk.internal.mindcurv.com
Waiting for verification...
Challenge failed for domain elk.internal.mindcurv.com
http-01 challenge for elk.internal.mindcurv.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The operating system my web server runs on is (include version): CentOS Linux release 7.7.1908 (Core)

My hosting provider, if applicable, is: Apache/2.4.6

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.39.0

Is it possible to issue a certificate for private IP address ?
Thanks in advance!.

This isn't going to be possible without using DNS validation to obtain the cert.

2 Likes

As an alternative, if you like split-horizon DNS, you could potentially set something up where elk.internal.mindcurv.com has a routable IP in the external view. E.g. the machine’s own IP, or another machine running a reverse proxy web server…

I’m not endorsing it, just saying you have options. Increasingly complicated and customized options.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.